Hi
Don’t know what happened virus got into my computer some kind of JS Trojan via ebay site today and avast 6 alarmed red box and downloaded and destroyed avast files!. Had to system restore in safe mode to recover. Red box alarm tried to disconnect broadband link connection and did not do this on version 6. On version 5 if there was something infected would disconnect automatically.
Had to scrub computer with several antimalware programs and got clean again! JS Trojan GEN! avast boot time scan did not pick anything also! when my computer was infected. Now clear after system restore in safe mode and re installed avast again!. See what happens next!
I heard of JS Trojan…Got rid of it on a friends’ computer…There is a few reminants usually left of JS Script Trojan… there was als Trojan Gen …In my Case on my buddy’s comp. There was some left in C/PROGRAM FILES and C/VALUEAD Also In my case I did a scan with MBAM, and as MBAM was scanning Avast Poppped up and on a MBAM scan, was catching the rest of JSScript maybe 2 or 3 Trojans and some spyware…
I guess as MBAM scans Avast keeps turning to check the folders also and because anti Virus are much faster it picked up the trojans gen in the MBAM files scan before MBAM, and put them in the Virus Chest…After that I rebooted the computer, and as the comp was loading Avast file shield caught a few more…Luck
I got a virus warning from Ebay an hour or 2 ago in a pdf?
Still running V5 due to v6 issues.
Restored ghost image to get rid but some strange things are afoot
Hi,
Been attacked again on orange web site (JS PDFKA GEN) http//nalmaron.cz.cc / 7540fd.pdf on their web site. Java tried to download something mallicious and pulled out broadband modem usb. Removed java, obvious a virus outbreak? Will see what happens (firewall is active) something not right. Scanned with boot scan again and clear. Will soon go back to version 5 again!
Have you sent these files to the Avast virus lab for testing? virus@avast.com or sent them to the lab from the Virus Chest? This might be a new threat going around.
Jack
Hi
Def a virus outbreak. I have removed java from my computer was the latest version. Will try a new firewall as using windows xp one only and see what is transmitting/receiving through my broadband. I am still online for 2 hours from last attack seems to be stable!.
Could be a new variant of trojans out.
Java are aware of this it is a flaw in the java system
http://www.oracle.com/technetwork/java/javase/downloads/index.html
Hi
Thanks for that.
Will wait and re install java later. Not being attacked so far see how it goes!
Did you upload any of the infected files from the chest ?
Java SE Runtime Environment 6u24 has been available since February 15th. This release was supposed to fix the vulnerability, I think.
We need to be careful here, to properly distinguish what the problem is:
JS, assuming you’ve indicated that properly, stands for JavaSCRIPT,
which is completely distinct/separate from JAVA, despite their sound-alike names:
http://www.dannyg.com/ref/javavsjavascript.html
http://sislands.com/coin70/week1/javajs.htm
If your problem was with JavaScript, then removing Oracle/Sun Java won’t have any impact on the issue.
Hi
The detections before the virus crippled avast 6 was in the web sheild scanlogs and are JS PDF-ka GEN and will not move to avast chest from there to submit to avast!. Nothing is in avast chest location at all. What a mess!.
After rebuilding from a restore point now stable after using malware bytes and spybot search and destroy & hijack this and viewing hijack this log i am clean!. But i don,t think avast 6 is strong enough to stop a trojan getting in. Windows xp sp3 and fully patched!
will see how version 6 goes before dropping back to v5 which not had any problems for several years up and till now!
An interesting case.
But if version 6 is the vulnerable point, and not JS (even only that ›Java‹ is the Java we all talk about), I’ call it bold to take a system backup and wait with the same system status (which was infected) for malware coming in.
If we expect an attack, or more we assume the attack has come over us, to me only a scan of this system by an other OS will offer any clues or information.
Running even Avast or MBAM, or useless tools like SpyBot (against viruses / trojans…!), from the system which is suspected to be overrun does not make any sense. My virus shield must be up and stable to stop all incoming threats. If something has came in and did it’s work, all is lost.
Eric
Did you upgrade or do a clean install from v.5 to v.6? If you want to try v.6 again, you should uninstall using the new Avast Uninstaller Tool: http://files.avast.com/files/eng/aswclear6.exe and remove ALL previous versions you had on this machine in Safe Mode, then reboot.
If you decide to use v.5.1, then you still need to run the new Avast Uninstaller and do a clean install.
I would also suggest that you use NoScript in your browser to prevent scripting (unless by your option you enable it on trusted pages).
Also, check to make sure your other software is up to date with a free Secunia Software Scan http://secunia.com/vulnerability_scanning/personal/ and if an update is needed they will give you the vendor’s link to make it easier for you. Many of us here scan our machines with this weekly since software changes so frequently.
You also mentioned that you use SB. Do you have Teatimer (TT) enabled? Some have reported conflicts with TT and Avast.
Let us know if you have any other questions. Thank you.
Hi,
Yes removed avast after system restore in safe mode and used the removal tool on reboot into normal mode xp. Spybot tea timer not enabled.
IE8 On med/high and no scripting only on trusted sites.
The virus came through on Orange site, and Ebay uk sites yesterday.
see what happens.
Did you remove ALL versions of Avast with the new Uninstaller tool? Definitions are up to date?
Was scripting enabled while on e-bay? If others are also getting a warning with this site, then I would be careful - it could be the site or just a coincidental outbreak.
I can understand your frustration.
I am sad to say that I can confirm I also got this when looking at the eBay uk website yesterday ( the nalmeron one). It happned twice within miniutes but cant remember what the other one was. It happned again this morning and was from pjg2.co.cc.
Luckily, I don’t think it has infected my pc since avast told me to cancel (which I did) or open the connection to the sites (or w.e they are). After scanning doing a full system scan and a quick scan after both incidents and found nothing.
Very depressing though that after years of no problems suddenly what could have been 3 major problems have risen their ugly head.
Still, least avast appears to have stopped anything bad happening
if you search eBay virus on facebook, it appears to be number of people who had the same thing happen.
Hi,
Could be a DOS attack on ebay site also was on my home page on orange site uk and this attack occured yesterday evening also when i was on ebay!. Found out it installed a rogue antvirus and my desktop changed to blue background with 0&1s with red letters that your computer is infected and nothing would open. And popup alerts every 3 seconds. Googled (NETSKY VARIANT) NOW GOT RID OF! by going into safe mode and sys restore and using several spyware cleaners.
Also had system tools 2011 malware.
Now fully cured